WooCommerce 2.6.9 Security/Fix Release Notes

The WooCommerce 2.6.9 security/fix release is now available. You can download it on WordPress.org or as an automatic update in your administration panel.

~44 commits made it into this release fixing several minor issues and taking care of some security hardening.

The main change was that we updated WooCommerce for compatibility with WordPress 4.7 and the new Twenty Seventeen theme!

The full changelog for 2.6.9 is below.

* Theme - Added support for Twenty Seventeen Theme.
* Fix - Excluded webhook delivery logs from comments count.
* Fix - Included password strength meter in "Lost Password" page.
* Fix - Order fee currency in admin screen.
* Fix - Variation selection on Firefox 40.
* Fix - Don't prevent submission when table is not found on cart.
* Fix - Improved layered nav counts on attribute archives.
* Fix - Fixed pagination when removing layered nav items via widget.
* Fix - Default BE tax rate.
* Fix - Downloads should store variation ID rather than product if set. Also fixes link on account page.
* Fix - Use wp_list_sort instead of _usort_terms_by_ID to be compatible with 4.7.
* Fix - Only return empty string if empty for weight and dimension functions.
* Security - Wrapped admin tax rate table values in _escape to thwart evil CSVs an admin user could upload. Vulnerability was discovered by Fortinet’s FortiGuard Labs.
* Dev - API - Only update categories menu order and display if defined.
* Dev - Fixed when should deliver wp_trash_post webhooks.

If you spot any further issues, please report them to us in detail on GitHub so the development team can review – comments on this post are closed.


Keep yourself in the loop!

This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form


Leave a Reply

Your email address will not be published. Required fields are marked *